Beta Disclaimer! Please note that we are currently in our beta test phase and we are updating the site on a regular basis.

How to Complain to the Information Commissioner


Share :

Requests for Information

Your request for information (subject access request), goes to your employer (the data controller). If your subject access request is not carried out properly or ignored, you have two options.


Powers of the ICO

The Information Commissioners Office (ICO) has several powers of enforcement under the Data Protection Act 2018 (DPA 2018). These powers rely on breaches being brought to the attention of the ICO.

  • Serve information notices requiring organisations to provide the Information Commissioner’s Office with specified information within a certain time period;
  • Issue undertakings committing an organisation to a particular course of action in order to improve its compliance;
  • Serve enforcement notices and ‘stop now’ orders where there has been a breach, requiring organisations to take (or refrain from taking) specified steps in order to ensure they comply with the law;
  • Conduct consensual assessments (audits) to check organisations are complying;
  • Serve assessment notices to conduct compulsory audits to assess whether organisations processing of personal data follows good practice (data protection only);
  • Issue monetary penalty notices.
  • Prosecute those who commit criminal offences under the Act; and
  • Report to Parliament on data protection issues of concern.

Last Updated: [31/08/2021]